880 research outputs found
Assessing and augmenting SCADA cyber security: a survey of techniques
SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisation and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place, as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker's to determine weaknesses and loopholes in defences. Such a mindset helps to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability
Online Human-Bot Interactions: Detection, Estimation, and Characterization
Increasing evidence suggests that a growing amount of social media content is generated by autonomous entities known as social bots. In this work we present a framework to detect such entities on Twitter. We leverage more than a thousand features extracted from public data and meta-data about users: friends, tweet content and sentiment, network patterns, and activity time series. We benchmark the classification framework by using a publicly available dataset of Twitter bots. This training data is enriched by a manually annotated collection of active Twitter users that include both humans and bots of varying sophistication. Our models yield high accuracy and agreement with each other and can detect bots of different nature. Our estimates suggest that between 9% and 15% of active Twitter accounts are bots. Characterizing ties among accounts, we observe that simple bots tend to interact with bots that exhibit more human-like behaviors. Analysis of content flows reveals retweet and mention strategies adopted by bots to interact with different target groups. Using clustering analysis, we characterize several subclasses of accounts, including spammers, self promoters, and accounts that post content from connected applications.
Comment: Accepted paper for ICWSM'17, 10 pages, 8 figures, 1 table
DECEPTION BASED TECHNIQUES AGAINST RANSOMWARES: A SYSTEMATIC REVIEW
Ransomware is the most prevalent emerging business risk nowadays. It seriously affects business continuity and operations. According to the Deloitte Cyber Security Landscape 2022, up to 4000 ransomware attacks occur daily, while the average number of days an organization takes to identify a breach is 191. Sophisticated cyber-attacks such as ransomware typically must go through multiple consecutive phases (initial foothold, network propagation, and action on objectives) before accomplishing their final objective. This study analyzed decoy-based solutions as an approach (detection, prevention, or mitigation) to overcome ransomware. A systematic literature review was conducted, the result of which has shown that deception-based techniques give effective and significant performance against ransomware with minimal resources. It is also identified that, contrary to general belief, deception techniques, which are mainly involved in passive approaches (i.e., prevention, detection), possess other active capabilities such as ransomware traceback and obstruction (thwarting), file decryption, and decryption key recovery. Based on the literature review, several evaluation methods are also analyzed to measure the effectiveness of these deception-based techniques during the implementation process
A user driven cloud based multisystem malware detection system
Using compromised or malicious sites to launch attacks against client systems is a growing attack vector in today's threat landscape. Attackers are able to stand up new sites at an alarming rate while client systems are constantly evolving and exposing new vulnerabilities that are able to be exploited by an attacker. Additionally, client systems are growing in value for attackers as they often contain personal information, banking information, and passwords. Historically, analyzing new sites for malicious content has been a very manual process or an automated process where the end users' needs were removed from the process. This thesis explores the capability of cloud computing technologies for real-time malware analysis and brings the user back into the analysis process by using the user's browsing activity to generate URLs for analysis. This paper examines the design of such a system as well as the results of the prototype of the system.
Using a single prototype machine, it is experimentally shown that cloud computing technology is capable of performing an analysis of web sites in near real time. The prototype system performed experiments with two operating systems (Windows 7 and Lubuntu Linux) as well as machine learning algorithms to gather the latency and throughput. The average analysis time for the prototype system was less than 0.5 seconds with a single virtual machine having a throughput of around 1,000 sites per hour. In addition, the technology presented by this thesis is scalable as many virtual machines are capable of being spun up on a single piece of hardware
Automatic Configuration of Programmable Logic Controller Emulators
Programmable logic controllers (PLCs), which are used to control much of the world's critical infrastructures, are highly vulnerable and exposed to the Internet. Many efforts have been undertaken to develop decoys, or honeypots, of these devices in order to characterize, attribute, or prevent attacks against Industrial Control Systems (ICS) networks. Unfortunately, since ICS devices typically are proprietary and unique, one emulation solution for a particular vendor's model will not likely work on other devices. Many previous efforts have manually developed ICS honeypots, but it is a very time-intensive process. Thus, a scalable solution is needed in order to automatically configure PLC emulators. The ScriptGenE Framework presented in this thesis leverages several techniques used in reverse engineering protocols in order to automatically configure PLC emulators using network traces. The accuracy, flexibility, and efficiency of the ScriptGenE Framework are tested in three fully automated experiments
Improving intrusion detection systems using data mining techniques
Recent surveys and studies have shown that cyber-attacks have caused a lot of damage to organisations, governments, and individuals around the world. Although developments are constantly occurring in the computer security field, cyber-attacks still cause damage as they are developed and evolved by hackers. This research looked at some industrial challenges in the intrusion detection area. The research identified two main challenges: the first one is that signature-based intrusion detection systems such as SNORT lack the capability of detecting attacks with new signatures without human intervention. The other challenge is related to multi-stage attack detection, where it has been found that signature-based detection is not efficient. The novelty in this research is presented through developing methodologies tackling the mentioned challenges. The first challenge was handled by developing a multi-layer classification methodology. The first layer is based on a decision tree, while the second layer is a hybrid module that uses two data mining techniques: neural networks and fuzzy logic. The second layer will try to detect new attacks in case the first one fails to detect them. This system detects attacks with new signatures, and then updates the SNORT signature holder automatically, without any human intervention. The obtained results have shown that a high detection rate has been obtained with attacks having new signatures. However, it has been found that the false positive rate needs to be lowered. The second challenge was approached by evaluating IP information using fuzzy logic. This approach looks at the identity of participants in the traffic, rather than the sequence and contents of the traffic. The results have shown that this approach can help in predicting attacks at very early stages in some scenarios. However, it has been found that combining this approach with a different approach that looks at the sequence and contents of the traffic, such as event correlation, will achieve a better performance than each approach individually
Three Decades of Deception Techniques in Active Cyber Defense -- Retrospect and Outlook
Deception techniques have been widely seen as a game changer in cyber defense. In this paper, we review representative techniques in honeypots, honeytokens, and moving target defense, spanning from the late 1980s to the year 2021. Techniques from these three domains complement each other and may be leveraged to build a holistic deception-based defense. However, to the best of our knowledge, there has not been a work that provides a systematic retrospect of these three domains all together and investigates their integrated usage for orchestrated deceptions. Our paper aims to fill this gap. By utilizing a tailored cyber kill chain model which can reflect the current threat landscape and a four-layer deception stack, a two-dimensional taxonomy is developed, based on which the deception techniques are classified. The taxonomy answers which phases of a cyber attack campaign the techniques can disrupt and which layers of the deception stack they belong to. Cyber defenders may use the taxonomy as a reference to design an organized and comprehensive deception plan, or to prioritize deception efforts for a budget-conscious solution. We also discuss two important points for achieving active and resilient cyber defense, namely deception in depth and deception lifecycle, where several notable proposals are illustrated. Finally, some outlooks on future research directions are presented, including dynamic integration of different deception techniques, quantified deception effects and deception operation cost, hardware-supported deception techniques, as well as techniques developed based on better understanding of the human element.
Comment: 19 pages